search for: ohprs

...4 Slackware 14.1 auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no info_log_path = /var/log/dovecot_info mail_location = maildir:~/Maildir passdb { driver = shadow } protocols = imap ssl_cert = </etc/ssl/certs/OHPRS/GoDaddy/Apache/c5fe0cc8242d6030.crt ssl_key = </etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key userdb { driver = passwd } verbose_ssl = yes Thanks, Mark Foley

...eem immediately addressed in the wiki. > > This section in the wiki is giving an example for setting the share to > 'Everyone', 'Full Control' and 'Domain Users'. > > As I've described, all files in this folder are currently set to Unix > group "ohprs'. That is one of the old-overs you don't need, if set up correctly, Samba can make the domain group 'ohprs' into the Unix group group 'ohprs'. I created a group called 'ohprs' in my AD and: rowland at devstation:~$ getent group ohprs ohprs:x:13603: So it appear...

...? If it doesn't 'just work' with the config changes in the wiki, you may need to recompile with the right features. Also - check the permissions of the ntlm_auth program. That's caused many issues with Radius installs, IIRC. Hope that helps! Rick Quoting Mark Foley <mfoley at ohprs.org>: > This can't be that hard. I think I've enabled LDAP in Dovecot just by > including > dovecot-ldap.conf.ext in 10-auth.conf and using the default settings. I > now have > the configuration shown below. Two questions: > > 1. How do I set Outlook to authenticate...

...you still miss the gssapi module for dovecot. Am 03.07.2016 um 19:42 schrieb Mark Foley: > Achim, > > This is my most recent effort. If I cannot make progress from here I'm going to give this idea a rest. > > I used easy-rsa to create a cert. Files are: > > /etc/ssl/certs/OHPRS/easyrsa/ca.crt > /etc/ssl/certs/OHPRS/easyrsa/reqs/MAIL.req > /etc/ssl/certs/OHPRS/easyrsa/reqs/dovecot.req > /etc/ssl/certs/OHPRS/easyrsa/private/ca.key > /etc/ssl/certs/OHPRS/easyrsa/private/MAIL.key > /etc/ssl/certs/OHPRS/easyrsa/issued/dovecot.crt > > $ openssl x509 -text -...

...he wiki. > > > > This section in the wiki is giving an example for setting the share to > > 'Everyone', 'Full Control' and 'Domain Users'. > > > > As I've described, all files in this folder are currently set to Unix > > group "ohprs'. > > That is one of the old-overs you don't need, if set up correctly, Samba > can make the domain group 'ohprs' into the Unix group group 'ohprs'. > > I created a group called 'ohprs' in my AD and: > > rowland at devstation:~$ getent group oh...

...e failed ntlm look-up is looking up user mark at hprs in shadow, which it doesn't find. Is there a way to strip the "@hprs" bit from the user so it can find the correct entry in /etc/shadow? That might fix the problem. --Mark -----Original Message----- From: Mark Foley <mfoley at ohprs.org> Date: Sat, 05 Sep 2015 17:12:50 -0400 To: dovecot at dovecot.org Subject: Re: How to "Windows Authenticate" Rick et al, The link you gave was a start, but is targeted for Samba3 and is assuming a probably Windows [SBS]Server AD/DC separate from the DC hosting dovecot, and includ...

I have a Linux file server that is an AD Domain Member. It shares the following (smb.conf): [public] path = /public store dos attributes = no hide dot files = yes readonly = no force group = ohprs create mask = 0660 directory mask = 2770 The "force group" lets all Windows users map this folder and create files and directories that all users can access and update. They are created with their own user ID and the specified group (ohprs). That has worked well for some time, but now...

...m.local is not recommded for several reasons. My current domain is hprs.local. So, as long as I'm starting from scratch I would like to take the opportunity to get this right. In wiki section "Using Your external Domain Name", it says I could simply use the external domain name, e.g. ohprs.org. Here's where I'm confused. If I use ohprs.org as the AD domain and e.g. DC1.ohprs.org is my AD/DC, how does name resolution work with other domain members? For example, webserver.ohprs.org is a current, public FDQN which resolves to 98.102.63.106. Inernally this host's IP within t...

...> wrote: > > > I have a Linux file server that is an AD Domain Member. It shares the > > following (smb.conf): > > > > [public] > > path = /public > > store dos attributes = no > > hide dot files = yes > > readonly = no > > force group = ohprs > > create mask = 0660 > > directory mask = 2770 > > > > The "force group" lets all Windows users map this folder and create > > files and directories that all users can access and update. They are > > created with their own user ID and the specified...

...oes not support Exchange. What are all the SBS/Exchange/Outlook small businesses doing? Limping along with SBS2008/11, or putting their email in Outlook.com? Seems like the Samba4/dovecot/Outlook combo would be an ideal migration. I appreciate your help. > > Quoting Mark Foley <mfoley at ohprs.org>: > > > More info ... > > > > My dovecot error log shows: > > > > Sep 05 16:45:19 auth: Debug: client in: AUTH? ? 1? ? ? ?NTLM? ? > > service=imap > > Sep 05 16:45:19 auth: Debug: client passdb out: OK? ? ? 1? ? ? > > ?user=mark at hprs? ori...

...passwords = yes auth_mechanisms = plain ntlm login auth_use_winbind = yes auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no info_log_path = /var/log/dovecot_info mail_location = maildir:~/Maildir passdb { driver = shadow } protocols = imap ssl_cert = </etc/ssl/certs/OHPRS/GoDaddy/Apache/c5fe0cc8242d6030.crt ssl_key = </etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key userdb { driver = passwd } verbose_ssl = yes dovecot log after doing 'Test Account Settings' in Outlook: Sep 05 16:45:19 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for EC...

...cot is receiving.? I assume /etc/nsswitch.conf has been modified to use Samba? Sorry I haven't done this, but it doesn't seem like anyone else has either - so I'm just shooting in the dark here trying to get you steered in the right direction... Rick Quoting Mark Foley <mfoley at ohprs.org>: > More info ... > > My dovecot error log shows: > > Sep 05 16:45:19 auth: Debug: client in: AUTH? ? 1? ? ? ?NTLM? ? > service=imap > Sep 05 16:45:19 auth: Debug: client passdb out: OK? ? ? 1? ? ? > ?user=mark at hprs? original_user=mark at HPRS > Sep 05 16:45:19...

with passdb ldap i guess. ---Aki TuomiDovecot oy -------- Original message --------From: Mark Foley <mfoley at ohprs.org> Date: 03/12/2017 21:18 (GMT+02:00) To: dovecot at dovecot.org Subject: Re: Howto authenticate smartPhone via Active Directory Yes, you are right. This link: https://www.redips.net/linux/android-email-postfix-auth/#section2 shows: passdb pam { } used for authenticating Android.? Problem...

...Mark Foley via samba <samba at lists.samba.org> wrote: > I have a Linux file server that is an AD Domain Member. It shares the > following (smb.conf): > > [public] > path = /public > store dos attributes = no > hide dot files = yes > readonly = no > force group = ohprs > create mask = 0660 > directory mask = 2770 > > The "force group" lets all Windows users map this folder and create > files and directories that all users can access and update. They are > created with their own user ID and the specified group (ohprs). That > has...

Achim, This is my most recent effort. If I cannot make progress from here I'm going to give this idea a rest. I used easy-rsa to create a cert. Files are: /etc/ssl/certs/OHPRS/easyrsa/ca.crt /etc/ssl/certs/OHPRS/easyrsa/reqs/MAIL.req /etc/ssl/certs/OHPRS/easyrsa/reqs/dovecot.req /etc/ssl/certs/OHPRS/easyrsa/private/ca.key /etc/ssl/certs/OHPRS/easyrsa/private/MAIL.key /etc/ssl/certs/OHPRS/easyrsa/issued/dovecot.crt $ openssl x509 -text -in /etc/ssl/certs/OHPRS/easyrsa/is...

...in auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no info_log_path = /var/log/dovecot_info mail_location = maildir:~/Maildir passdb { driver = shadow } passdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } protocols = imap ssl_cert = </etc/ssl/certs/OHPRS/GoDaddy/Apache/c5fe0cc8242d6030.crt ssl_key = </etc/ssl/certs/OHPRS/GoDaddy/mail.ohprs.org.key userdb { driver = passwd } userdb { args = /etc/dovecot/dovecot-ldap.conf.ext driver = ldap } verbose_ssl = yes -----Original Message----- From: Mark Foley <mfoley at ohprs.org> Date: Wed...

...cal/ mutt me: $ MAIL=imap://mark at server.domain.local/ mutt -F /etc/Muttrc I get the mutt message, "Certificate host check failed: certificate owner does not mathc hosthame mail.hprs.local". After that, in the mutt screen, I get: -----BEGIN------ This certificate belongs to: mail.ohprs.org Unknown Unknown Domain Control Validated Unknown This certificate was issued by: Go Daddy Secure Certificate Authority - G2 Unknown GoDaddy.com, Inc. http: Scottsdale This certificate is valid from Aug 14 21:38:38 2015 GMT to Aug 15 17:49:32 2016 GMT Finger...

...sending this message directly to you to spare the sambalist from my certificate trials. > I'm hoping you'll still hang in there a bit longer, though I'm close to giving up on this > whole thing myself. > > I used easy-rsa to create a cert. Files are: > > /etc/ssl/certs/OHPRS/easyrsa/ca.crt > /etc/ssl/certs/OHPRS/easyrsa/reqs/MAIL.req > /etc/ssl/certs/OHPRS/easyrsa/reqs/dovecot.req > /etc/ssl/certs/OHPRS/easyrsa/private/ca.key > /etc/ssl/certs/OHPRS/easyrsa/private/MAIL.key > /etc/ssl/certs/OHPRS/easyrsa/issued/dovecot.crt > > $ openssl x509 -text -...

...43 rport=56184 Sep 08 18:38:16 auth: Debug: client passdb out: CONT 1 Sep 08 18:38:16 auth: Info: ntlm(?,192.168.0.58,<vPWqBUQfeADAqAA6>): user not authenticated: NT_STATUS_LOGON_FAILURE Sep 08 18:38:18 auth: Debug: client passdb out: FAIL 1 Notice that my userid (mark or mark at ohprs) is nowhere to be found. Whereas when I specified the userdb passwd at least it had a user id in the error log. From my previous test with userdb passwd amd passdb shadow: Sep 05 16:45:19 auth: Debug: client passdb out: OK? ? ? 1? ? ??user=mark at hprs? original_user=mark at HPRS Sep 05 16:45:19...

...ded to stop replicating one of my trusted domains (and began rejecting auths for linked mailboxes from that domain) and in short I really just hate that environment with every fiber of my being and would love to see a decent free Exchange replacement on *nix. Rick Quoting Mark Foley <mfoley at ohprs.org>: > More experimentation ... > > I tried removing userdb and passdb from the dovecot NTLM config. That > didn't > work. I then tried adding a static userdb as follows: > > userdb { > driver = static > #? allow_all_users = yes > args = gid=100 home=/home/HPR...